RSA BSAFE Crypto-C Micro Edition vulnerabilities (CVE-2019-3728 and CVE-2019-3733) and VanDyke VShell Server for Windows
Risk assessment: Medium-High (see below)
Posted: April 26, 2022
The VanDyke VShell Server for Windows uses RSA BSAFE Crypto-C Micro Edition for cryptography.
(CVE-2019-3728) Versions of RSA BSAFE Crypto-C Micro Edition prior to 4.1.4 are vulnerable to a Buffer Over-read vulnerability when processing DSA signatures. A malicious remote user could potentially exploit this vulnerability to cause VShell to crash, leading to a denial of service. [High severity]
(CVE-2019-3733) Versions of RSA BSAFE Crypto-C Micro Edition prior to 4.1.4 are vulnerable to three Improper Clearing of Heap Memory Before Release vulnerabilities, also known as “Heap Inspection vulnerabilities”. A malicious remote user could potentially exploit these vulnerabilities to extract information, leaving data at risk of exposure. [Medium severity]
Products Not Affected
VShell 4.7 and newer versions for Windows
VShell for macOS and Linux
Products Affected
VShell 4.6.3 and earlier versions for Windows
Upgrade to VShell 4.7 or newer versions for Windows